Cybersecurity in the Wake of Julian Assange
The dramatic extraction of Julian Assange from London’s Ecuadorian embassy in April marked a key moment in the saga of the controversial WikiLeaks founder. But now that his refuge is over, what impact – if any – has he had on the world of cybersecurity? James Fox investigates
Julian Assange is residing in Belmarsh Prison, serving a 50-week jail term for breaching bail conditions when he originally took refuge in the Ecuadorian embassy in 2012. Back then, it was an attempt to avoid extradition to Sweden in relation to sexual assault allegations, but he currently faces extradition to the US on hacking charges, as well as potential questioning from the Scandinavian nation.
All of which has firmly put the organisation Assange founded, WikiLeaks, back into the overlapping spotlights of politics and cybersecurity. WikiLeaks’ political impact has been discussed at length, but what of their influence on the cybersecurity industry?
Vault 7 was the 2017 release of documents by WikiLeaks purporting to show CIA hacking capabilities, the impact of which is described as “pretty profound” by Jake Williams, the founder and president of cybersecurity firm Rendition Infosec, who previously worked for the NSA. Vault 7’s impact wasn’t as direct as dumps by groups like the Shadow Brokers, he argued, whose release of alleged NSA malware led to the worldwide WannaCry attack, but an indirect influence remains.
“Any organisation or government dipping their toes into network exploitation can learn from those documents and leapfrog their program ahead,” he tells Encrypt. “It’s difficult to measure the impact of that but it’s highly naive to think that other governments haven’t been working with that data.”
WikiLeaks, Russia and hacktivist attacks
At the top of the list of governments associated with WikiLeaks is Russia, Williams says, which he doesn’t see changing. “Foreign hackers, primarily Russia, are going to continue to try and influence the American and European elections.
“I don’t doubt for a minute they will dump with WikiLeaks.”
When companies such as PayPal began to stop servicing WikiLeaks in 2010 after the organisation began to release 250,000 diplomatic cables, supporters of the group hit PayPal with a distributed denial of service (DDoS) attack.
While Williams said there’s “no question” that retaliatory hacktivist attacks like these should be part of any threat model, he highlighted that many clients he talks to do not see themselves in this position.
“I think PayPal was in that same situation where if you’d asked them prior, ‘do you do anything controversial’ they would have said ‘no, we’re a payment processor’. Then WikiLeaks occurs and PayPal are undoubtedly being pressured by the US government to stop processing. As soon as they do that they are effectively taking a stance but it is no question that it was a surprise to PayPal,” Williams says.
Has WikiLeaks impacted cybersecurity?
The digitalisation of political activism and its implications for the threat landscape is something highlighted by Robert Pritchard, founder and director of ‘TheCybersecurityExpert’ consultancy.
“Before people might protest outside their offices, whereas now they might run a denial of service attack against your website,” Pritchard says. “So you should factor into your business planning that if you are doing something controversial, there may be blowback online.”
However, Pritchard believes the impact of WikiLeaks on the cybersecurity industry is overstated, saying that Assange’s organisation “influenced some minor changes in terms of vulnerabilities but nothing earth shattering.”
He does believe WikiLeaks has been influential in their drive towards increased transparency, citing efforts by the UK’s CPNI to encourage companies to run whistleblowing programmes.
“If you’re an ethical and law-abiding organisation, or government, then you want people to have a way to circumvent management if they have to and take issues and report documents,” Pritchard says. “I think that perhaps WikiLeaks influenced that somewhat.”
“I think in cyber terms they weren’t really very relevant,” says Malcolm Taylor, director of cyber advisory at ITC Secure who originally started his career at GCHQ. “One thing they did do is highlight the value of an insider.
“You can have the best defences in the world and if you’ve got someone on the inside, you can’t beat them.”
Shining the spotlight on insider threat
As Taylor outlines, the ‘insider threat’ is something well known as difficult to protect against, but recent developments with Assange’s prosecution have shone a light on how this type of threat is not just about disgruntled employees.
According to indictment papers, Assange, who paints WikiLeaks as an open mailbox for whistleblowers, engaged in coercive or even manipulative behaviour when handling Chelsea Manning, the US intelligence analyst who leaked half a million Iraq and Afghanistan war reports and 800,000 Guantanamo Bay assessments.
When Manning told him “after this upload, that’s all I really have got left,” Assange allegedly responded “curious eyes never run dry in my experience,” phrases that will likely be significant in a future trial if Assange is successfully extradited.
Williams characterises this behavior as Assange treating Manning not as a journalistic source but as an asset, and says he believes these sorts of threats are “absolutely a neglected thing.”
“No organisation we have worked for has ever said they were totally ready for it,” Williams said. “We’re also seeing cases where a foreign national who couldn’t get a job at a company will direct somebody else by saying, ‘here’s some money and USB drives, go in here and download some files, plug this in and run the programme. We’ll take it from there and nobody will ever find out you were involved’.”
Journalism vs criminal conspiracy
“I do not wish to surrender myself for extradition for doing journalism that has won many, many awards and protected many people,” Assange reportedly said at a hearing in London for his extradition.
But the indictment also alleges that he helped Manning crack passwords protecting US Department of Defense computers. It’s here again, in more explicit terms, that the line between Assange’s journalism and alleged criminal conspiracy blurs.
All three experts Encrypt spoke to had differing views on the longstanding question of whether a world without WikiLeaks would be one with fewer cyber threats, or one with simply less scope for whistleblowing.
Taking Assange out of the equation is unlikely to change either of these realities, and with the 2020 US elections on the horizon, many are expecting WikiLeaks to continue to be noteworthy, whether or not they embolden or even engage with cyber threats.